Daily Crunch: Apple’s subscription fix

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Apple’s iOS update makes it easier to get to your subscriptions

Moving the Manage Subscriptions menu so that it’s just one click away from your App Store profile might seem like a minor change, but it was needed: As more mobile apps have adopted subscriptions as a means of generating revenue, it’s become critical to ensure consumers know how to turn off their subscriptions.

Plus, Apple is expected to launch some subscriptions of its own, namely for its streaming video and news services.

2. Instagram confirms that a bug is causing follower counts to change

Don’t panic! Instagram says it’s “aware of an issue that is causing a change in account follower numbers for some people right now” and is “working to resolve this as quickly as possible.”

3. Autonomous truck startup TuSimple hits unicorn status in latest round

Today, TuSimple is taking three to five fully autonomous trips per day for customers on three different routes in Arizona.

4. Sixteen percent of US adults own a smartwatch

The latest figures out of NPD show a continued uptick in smartwatch sales here in the States. The category has been a rare bright spot in an overall flagging wearable space, and the new numbers show gains pretty much across the board.

5. JibJab, one of the first silly selfie video makers, acquired by private equity firm Catapult Capital

Founded in 1999 by brothers Evan and Gregg Spiridellis after they saw “an animated dancing doodie streaming over a 56K modem,” JibJab’s big break came during the 2004 presidential campaign, when its satirical “This Land” racked up more than 80 million views.

6. Eight Sleep unveils The Pod, a bed that’s smarter about temperature

Eight has been focused on bed temperature for a while, first by offering a smart mattress cover and then a smart mattress that allows owners to adjust the surface temperature and even set different temperatures for different sides of the bed. But The Pod goes even further, with a smart temperature mode that will change bed temperature throughout the night to improve your sleep.

7. Ubisoft and Mozilla team up to develop Clever-Commit, an AI coding assistant

Clever-Commit is an assistant that learns from your code base’s bug and regression data to analyze and flag potential new bugs as new code is committed.

from Apple – TechCrunch https://tcrn.ch/2GFWNCP

Sling TV closes year with 2.4 million subscribers, but growth slowed significantly

Sling TV’s growth has slowed dramatically as the competitive landscape for live TV streaming services has heated up. Despite this, the Dish-owned streaming service remains ahead of rivals in terms of subscriber count – largely due to it being first to market with streaming TV. Dish said today it closed out the year with 2.417 million Sling TV subscribers. That puts it ahead of AT&T’s DirecTV Now, which ended 2018 with 1.6 million subscribers.

It’s also more than newcomers like YouTube TV and Hulu with Live TV. The latter topped 1 million subscribers this past fall. YouTube TV doesn’t report its numbers, but had an estimated 800,000 subscribers as of last July. It’s likely neck-and-neck with Hulu Live TV at this point.

Dish reported its Sling TV numbers as a part of its Q4 2018 earnings, which also indicated that Sling TV is nowhere near making up for the subscriber loss from Dish’s satellite TV service. The company lost 1.125 million satellite TV subscribers during its fiscal 2018, up from the 995,000 it lost the year prior.

Meanwhile, Dish added a net gain of 205,000 Sling TV subscribers in 2018. That’s down from the 711,000 added in 2017 and the 878,000 added in 2016.

The company closed out the quarter with 12.32 million total pay TV subscribers, including 9.90 million Dish TV subscribers and 2.42 million Sling TV subscribers, it said.

In addition to the increased competition from other streaming services and a price increase, Dish’s carriage disputes have also impacted Sling TV.

The company no longer carries Univision on Dish or Sling TV. Plus, HBO and Cinemax left Dish and Sling TV on October 31, due to a dispute with the premium networks’ new owner, AT&T.

The move to drop HBO and Cinemax had already taken its toll on Sling TV in Q3, when Dish reported a net add of only 26,000 new Sling TV subscribers for the quarter.

In the months since, Sling TV has been trying new tactics to attract customers – including rolling out free content to non-subscribers, offering a la carte subscriptions that don’t require a core programming package, and, most recently, launching personalized recommendations.

Unfortunately for Sling TV, these moves may not be enough. And things won’t get better in 2019 as a number of new streaming video services compete for customers’ dollars – like those from Time Warner, Apple, and Disney.

 

 

 

from Apple – TechCrunch https://tcrn.ch/2Gq8M8e

Apple’s iOS update makes it easier to get to your subscriptions

Apple has made a small but important change to iOS that will allow users an easier way to manage their app subscriptions. In the latest release of the mobile operating system (iOS 12.1.4 and 12.2 beta), the company has relocated the “Manage Subscriptions” setting so it’s only one click away when you tap on your profile in the App Store, instead of being buried more deeply within the settings.

This may seem like a minor change, but it was a much-needed one.

As more mobile apps have adopted subscriptions as a means of generating revenue, it’s become critical to ensure consumers knew how to turn their subscriptions off. And, based on a reading of many angry App Store app reviews, many people don’t know how to do this. Most assume that they should reach out to the developer to have their subscription disabled – after all, it’s the developer who’s charging them.

It’s not really the customer’s fault for being unaware of how the process works, as Apple had made getting to the subscription management screen far more difficult than it should be.

In iOS Settings, for example, you would have to click iTunes & App Store –> Apple ID: –> View Apple ID –> then scroll all the way to the bottom of the screen to find the hidden setting.

In the iOS App Store app, it was a bit simpler.

You would first have to tap your profile icon on the top right of the Home page, then your Apple ID, then scroll down to the bottom of the page again.

By comparison, Google Play put subscriptions in its top-level navigation with no scrolling or extra clicks required.

With the iOS update, when you now tap your profile icon in the App Store, “Manage Subscriptions” is right there – and it’s accessible without scrolling. That’s a huge help in making this critical feature more accessible.

Unfortunately, Apple hasn’t made a similar change to simplify the path to subscription management in iOS’s main Settings.

The change was first spotted by MacStories Editor-in-Chief Federico Viticci, who shared a screenshot on Twitter.

Apple recently made a change (seems iOS 12.1.4 and 12.2 beta) to make it easier to manage subscriptions for iOS apps.

Now you just need to open the App Store, tap your profile, and choose 'Manage Subscriptions'. pic.twitter.com/4PtxvAQjTm

— Federico Viticci (@viticci) February 13, 2019

Subscriptions are now one of the main driving forces behind the increase in consumer spending on iPhone.

A recent Sensor Tower report said that iPhone users in the U.S. spent $79 on apps in 2018, up 36% from last year. Much of that is due to mobile gaming, as always, but subscription-based apps are now playing a large role.

Unfortunately, not all developers have been playing by the rules. Many app makers were using misleading tactics to force users to subscribe – like hiding the true costs, using confusing buttons and user interfaces, or suggesting they join a free trial that ends up only lasting for 3 days.

Apple later updated its App Store guidelines to further spell out what is and is not allowed.

But making the rules and enforcing them are two different matters. In the meantime, being able to figure out what subscriptions you have and turning off those you don’t want needed to be simpler.

Also related to this is the fact that Apple is preparing to launch some new subscriptions of its own – presumably, its long-awaited streaming video service and perhaps the news subscription service as well – at a press event in March.

The update to subscriptions to appears to be rolled out worldwide for those on the latest version of iOS.

from Apple – TechCrunch https://tcrn.ch/2DxuGT4

A modest proposal to make apps suck less

Ben Schippers Contributor

Ben Schippers is a co-founder of HappyFunCorp.

More posts by this contributor

• The technology industry needs to think more seriously about device addiction
• Tesla, a great family brand

As the landscape for designing and building technology continues to evolve, so should the process for designing such systems.

Whether it’s for investing or helping to build a product, it’s important to convey a need for the entrepreneur or company to consider the long term impact of their product and to consider a more mindful and deliberate approach.

Product processes should always go in this order: strategy first, then design and lastly, engineering.  If you approach each process pillar with “why?” you will end up with a better product, a more engaged consumer and maybe even a valuable contribution to our ever bloated internet.

PHASE 1, PRODUCT STRATEGY:

Within the product strategy pillar, it’s important to remember that just because someone can build a product, doesn’t mean they should.  Just because a type of technology is available, doesn’t mean it will improve an experience.  Purpose drives products, never technology for its own sake.

Recently at the 40th International Conference of Data Protection, Giovanni Buttarelli, the conference host stated, “Not everything that is legally compliant and technically feasible is morally sustainable.”  In other words, “Should I build it?” is a question to always be asked during this phase. A clue to truly understanding this phase is to ask “How different is my idea before starting this phase vs. after?”

The more an idea has evolved, the better.

PHASE 2, PRODUCT DESIGN:

If designers keep bouncing between phase 1 and 2, that’s a good sign.  Remember, ideas that die in phase 1 should be viewed as wins no matter how much work or time has been put in.

While transitioning to the product design phase, it’s critical to remember: the consumer is tired … really tired.

Assume that most conventions simply don’t resonate with the consumer anymore; consider it a widespread technology burnout — App Fatigue.  A perfect example of this is with notifications or similar mindless alerts.

Do notifications make the experience better?  Do notifications make users want to use the software or the app?  If it’s a question that’s being asked, then the answer is a resounding, no.  Go back to the strategy phase – rinse and repeat.

The questions to ask are quite simply, “What will make a user want to come back to this product without notifications or similar tchotchkes?”

What experience is created that’s going to resonate with the customer? If an overall user experience resonates with the end user, they will willingly come back without notifications.  This may seem obvious or simple, but the obvious answers are typically the hardest to answer and often ignored for that reason.

Consider for a moment what Uber did for hailing a cab, or Airbnb for vacation rentals.  These companies are using a technology to enable a product experience that truly provides a meaningful and rich opportunity for the consumer. They didn’t need notifications to drive consumers back – they provide a service that consumers didn’t know they needed.  It was an original, differentiated idea. The question is does any new leap that hurdle?

If developers make it through the strategy phase and understand the core features to be designed, it’s a good idea to focus on new engineering solutions that can help provide safer, more mindful experiences related to engineering architecture and user data.

ENGINEERING:

Currently, whether inside, Facebook, Google or Amazon, most user data is stored inside centralized servers. This creates security and privacy concerns.

How could developers create a more mindful approach to user data without storing it inside one of only a few major technology companies?  An architecture connecting people on a product via a follow, friending or another, similar, mechanism should have that data be encrypted and stored on the networked phones, versus a centralized server.  In short, passing the user-data baton to your friend(s) instead of a company.

While still in its infancy, the proposed architecture would pair well with an overall product experience that is focused on the future generation of apps.  It would create a decentralized architecture that plays in the favor of the consumer instead of the company. It’s another example of a mindful ‘user-first approach’.  A large leap for startups, it’s a good example of thinking about new approaches and constantly challenging the norm, in this case, user data and security.

PULLING IT ALL TOGETHER:

Consider the following case study as a blueprint:  Imagine proposing to build an inherently social application.  (This example is illustrative because many young entrepreneurs still have social at their core, and many businesses believe social is still a key first differentiator.)

For this example answer: ‘Why are you hoping to build such software?” Followed by “Do you feel this will help people or society in any positive or productive way?” (other than trying to get their attention?) Those targeted questions focus the importance of what software has become and its larger impact on society.

From there, try to shift the focus from higher level strategy — what are you building and why — to specific features: the design phase.  Typically, there’s a friend or follow connection model; a way for people to see activity and some level of bothersome notifications, prompts, or updates.

Then focus on providing mindful alternative solutions to these standard features.  Consider limiting the number of friend requests to help illuminate the product offering?  Or if the product is a bit further down the road: consider putting up a paywall tier for potential customers not wanting to see ads.  Or: consider not having an algorithm sort content and instead, show content as it comes in or give the consumer the option?

Companies are beginning to explore these types of alternatives. Consider what Apple has done for map sharing in their recent IOS release and Google is following suit.

Less is more in the current and future world of software design and development. And mindful, deliberate decisions will provide the underpinning of the next generation of apps and larger software ecosystems.

Providing value in a congested market is very challenging.  But incorporating a mindful approach to product design enables a streamlined architecture that saves time and provides a framework to building products people actually want to use.

from Apple – TechCrunch https://tcrn.ch/2RY0ndr

No, Tencent isn’t about to burn Reddit down

Ahoy, it’s doom and gloom for Reddit after the company welcomed investment from Chinese censorship overlord Tencent.

Well, not quite.

The reality is, in fact, it’s quite the opposite. In recruiting the company behind one of the internet’s largest and vibrant social networks — chat app WeChat — and countless blockbuster games, Reddit has pulled off a major coup and banked a huge amount of cash, both of which can help it grow to the next level.

But, right now, reports in the U.S. are suggesting otherwise. You might have seen a range of negative stories surface in the past week following Reddit’s latest round of investment — first reported by TechCrunch — which is led by Tencent and values the company at $3 billion.

Triggered by a Gizmodo story last week, fear is being stoked that a deal with the “Chinese censorship powerhouse” could lead Reddit awry and bankrupt its morality, well, whatever of that it has left. Reddit users, not ones to be slow on humor, have already plastered the site with content that would be forbidden in China, including Winnie the Pooh, the cartoon character often used to represent Chinese President Xi Jinping.

Gizmodo referred to Tencent as “one of the most important architects of the Great Firewall,” and that’s a refrain that has been repeated in countless other reports.

I get it, it‘s a delicious irony; one of the lawless parts of the internet combining forces with a company that aggressively monitors and censors its users. Plus, Reddit is already blocked in China.

But, unfortunately for Gizmodo, the fears are overblown and its descriptions of Tencent are at best naive and at worst deliberately misguided.

China’s censorship system

Tencent is no “architect” of China’s Great Firewall internet censorship program. It’s one of a number of companies which, from its success, finds itself a prominent target for the government with little room to wiggle out.

Tencent sits in an awkward position, for sure. It is the largest internet company in China — it became the first $500 billion firm in Asia last year — and that makes it a core part of the government’s ongoing campaign to control Chinese internet space.

After an unprecedented crackdown on the Twitter-like service Weibo in 2012, when the government closed down comments for three days, China’s censorship became more proactive rather than reactive. That approach leaves fewer traces, for one thing, and it allows Beijing to shift responsibility to the platforms themselves, which fear the repercussions of angering authorities.

That’s to say that today’s dynamic sees China’s top internet companies, including Tencent, instructed to monitor the content produced by their users and, where necessary, remove it.

Reddit CEO Steve Huffman delivers remarks on “Redesigning Reddit” during the third day of Web Summit in Altice Arena on November 08, 2017 in Lisbon, Portugal. Web Summit.

Censoring social networks is one thing, but censoring WeChat — Tencent’s prized asset and China’s top messaging app with more than a billion monthly users — is another thing altogether. Tencent has been roundly (and rightly) criticized for implementing a range of “silent” blocks that, for some terms, prevent messages from being sent or picked up by the receiver.

Likewise, it has also purged millions of accounts from WeChat following numerous rounds of government-led initiatives that crack down on media, pornography and unsubstantiated rumors.

Those crackdowns and censorship moves are not false, but Gizmodo is painting a picture that suggests Tencent is complicit in cleaning its slate.

The truth is that the company, even a company of its size, has no choice in the matter when the Chinese government comes knocking with demands. To ignore the summons, or fail to act, would cause Tencent — a publicly listed company — serious problems that would not reflect well for shareholders. Adhering to these demands is expensive and resource-intensive, as it requires a new “content checking” division with specialist employees hired and trained. In short, it is certainly not something companies willingly opt-in to.

Reddit confirms $300M Series D led by China’s Tencent at $3B value

A rite of passage

Tencent is definitely not in control of the agenda, as anyone with an eye on tech in China can tell you. The company suffered a poor end to 2018, in part because the Chinese government decided to freeze new game licenses.

That left Tencent unable to monetize its new roster of games, a situation that saw it lose countless hundreds of millions in revenue and saw its share price drop by nearly 50 percent between March and October. The freeze has only just thawed, with a handful of licenses tentatively distributed this year.

So much for the Chinese government looking after their own.

These issues affect every tech company in China with a meaningful presence. Getting hit by government demands and censorship requests is a rite of passage for tech startups in China, like a dreaded badge of honor that shows your service has grown suitably influential to be considered a threat.

That happened to ByteDance, the company behind TikTok, the current social darling for many U.S. media. Last year, its CEO was forced to issue a groveling apology after it had “overemphasized growth and scale over quality and responsibility.”

The company resolved to increase its content checkers (read, censorship police) from 6,000 to 10,000 people, a move likely made to appease the government. Still, it was made an example of, with a number of TikTok apps removed from app stores and shuttered on the word of authorities.

Welcome to the club!

But it isn’t just Chinese companies.

Tencent became Asia’s first $500 billion company thanks to a stock rally — today it is worth around $425 billion [Photographer: Qilai Shen/Bloomberg via Getty Images]

Choices

Apple, the self-proclaimed protector of freedom, removed every unlicensed VPN from its China-based App Store at the behest of the government in 2017. While, in a rare move that runs counter to its core privacy focus, it relented to state rules and agreed to store Chinese iCloud user data on Chinese soil, through a government-backed cloud service provider, no less.

The difference between Apple and the likes of Tencent and ByteDance is that the U.S. company has a choice. It entered China voluntarily and it has complied with free speech-quashing demands to keep its revenue flowing.

Tencent and ByteDance, as the biggest internet players, would have a tough time moving outside of their native China and remaining in business. Maybe, in today’s censorship-heavy era, some Chinese companies wish they had started out in Hong Kong or another domain, but few markets have the opportunity that comes with 800 million internet users.

The point is that they have no control over censorship demands and no leverage to push back. To blame them — and paint them as co-conspirators, even “architects” — is misleading.

Tencent, in fact, has a reputation as a skillful investor that can be an asset for non-Chinese companies.

Its capital and guidance helped Fortnite creator Epic Games completely revamp its business into the smash hit success that it is today. Elsewhere, Tencent is the largest single investor in Snap — CEO Evan Spiegel has said he often seeks its guidance — and its other deals include Tesla, Discord, Kik and more, none of which have resulted in the introduction of censorship.

Yes, Reddit and Tencent are strange bedfellows, but that’s exactly the point of venture capital. The best founders surround themselves with different opinions, perspectives and experiences to ensure that they are evaluating all possible strategies. Tencent can give Reddit unique insight which, for those who use it, can only be a net positive for the future health of Reddit’s business and continued service.

from Apple – TechCrunch https://tcrn.ch/2tjS7dW

Apple fails to block porn & gambling “Enterprise” apps

Facebook and Google were far from the only developers openly abusing Apple’s Enterprise Certificate program meant for companies offering employee-only apps. A TechCrunch investigation uncovered a dozen hardcore pornography apps and a dozen real-money gambling apps that escaped Apple’s oversight. The developers passed Apple’s weak Enterprise Certificate screening process or piggybacked on a legitimate approval, allowing them to sidestep the App Store and Cupertino’s traditional safeguards designed to keep iOS family friendly. Without proper oversight, they were able to operate these vice apps that blatantly flaunt Apple’s content policies.

The situation shows further evidence that Apple has been neglecting its responsibility to police the Enterprise Certificate program, leading to its exploitation to circumvent App Store rules and forbidden categories. For a company whose CEO Tim Cook frequently criticizes its competitors for data misuse and policy fiascos like Facebook’s Cambridge Analytica, Apple’s failure to catch and block these porn and gambling demonstrates it has work to do itself.

Porn apps PPAV and iPorn (iP) continue to abuse Apple’s Enterprise Certificate program to sidestep the App Store’s ban on pornography. Nudity censored by TechCrunch

 

TechCrunch broke the news last week that Facebook and Google had broken the rules of Apple’s Enterprise Certificate program to distribute apps that installed VPNs or demanded root network access to collect all of a user’s traffic and phone activity for competitive intelligence. That led Apple to briefly revoke Facebook and Google’s Certificates, thereby disabling the companies’ legitimate employee-only apps which caused office chaos.

Apple issued a fiery statement that “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” Meanwhile, dozens of prohibited apps were available for download from shady developers’ websites.

Apple offers a lookup tool for finding any business’ D-U-N-S number, allowing shady developers to forge their Enterprise Certificate application

The problem starts with Apple’s lax standards for accepting businesses to the enterprise program. The program is for companies to distribute apps only to their employees, and its policy explicitly states “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers”. Yet Apple doesn’t adequately enforce these policies.

Developers simply have to fill out an online form and pay $299 to Apple, as detailed in this guide from Calvium. The form merely asks developers to pledge they’re building an Enterprise Certificate app for internal employee-only use, that they have the legal authority to register the business, provide a D-U-N-S business ID number, and have an up to date Mac. You can easily Google a business’ address details and look up their D-U-N-S ID number with a tool Apple provides. After setting up an Apple ID and agreeing to its terms of service, businesses wait one to four weeks for a phone call from Apple asking them to reconfirm they’ll only distribute apps internally and are authorized to represent their business.

With just a few lies on the phone and web plus some Googleable public information, sketchy developers can get approved for an Apple Enterprise Certificate.

Real-money gambling apps openly advertise that they have iOS versions available that abuse the Enterprise Certificate program

Given the number of policy-violating apps that are being distributed to non-employees using registrations for businesses unrelated to their apps, it’s clear that Apple needs to tighten the oversight on the Enterprise Certificate program. TechCrunch found thousands of sites offering downloads of “sideloaded” Enterprise apps, and investigating just a sample uncovered numerous abuses.  Using a standard un-jailbroken iPhone. TechCrunch was able to download and verify 12 pornography and 12 real-money gambling apps over the past week that were abusing Apple’s Enterprise Certificate system to offer apps prohibited from the App Store. These apps either offered streaming or pay-per-view hardcore pornography, or allowed users to deposit, win, and withdraw real money — all of which would be prohibited if the apps were distributed through the App Store.

A whole screen of prohibited sideloaded porn and gambling apps TechCrunch was able to download through the Enterprise Certificate system

In an apparent effort to step up policy enforcement in the wake of TechCrunch’s investigation into Facebook and Google’s Enterprise Certificate violations, Apple appears to have disabled some of these apps in the past few days, but many remain operational. The porn apps that we discovered which are currently functional include Swag, PPAV, Banana Video, iPorn (iP), Pear, Poshow, and AVBobo, while the currently functional gambling apps include RD Poker and RiverPoker.

The Enterprise Certificates for these apps were rarely registered to company names related to their true purpose. The only example was Lucky8 for gambling. Many of the apps used innocuous names like Interprener, Mohajer International Communications, Sungate, and AsianLiveTech. Yet others seemed to have forged or stolen credentials to sign up under the names of completely unrelated but legitimate businesses. Dragon Gaming was registered to US gravel supplier CSL-LOMA. As for porn apps, PPAV’s certificate is assigned to the Nanjing Jianye District Information Center, Douyin Didi was licensed under Moscow motorcycle company Akura OOO, Chinese app Pear is registered to Grupo Arcavi Sociedad Anonima in Costa Rica, and AVBobo covers its tracks with the name of a Fresno-based company called Chaney Cabinet & Furniture Co.

You can see a full list of the policy violating apps we found below:

Apple refused to explain how these apps slipped into the Enterprise Certificate app program. It declined say if it does any follow-up compliance audits on developers in the program or if it plans to change admission process. An Apple spokesperson did provide this statement, though, indicating it will work to shut these apps down and potentially ban the developers from building iOS products entirely:

“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action.”

TechCrunch asked Guardian Mobile Firewall’s security expert Will Strafach to look at the apps we found and their Certificates. Strafach’s initial analysis of the apps didn’t find any glaring evidence that the apps misappropriate data, but they all do violate Apple’s Certificate policies and provide content banned from the App Store. “At the moment, I have noticed that action is slower regarding apps available from an independent website and not these easy-to-scrape app directories” that occasionally crop up offering centralized access to a plethora of sideloaded apps.

Porn app AVBobo uses an Enterprise Certificate registered to Fresno’s Chaney Cabinet & Furniture Co

Strafach explained how “A significant number of the Enterprise Certificates used to sign publicly available apps are referred to informally as ‘rogue certificates’ as they are often not associated with the named company. There are no hard facts to confirm the manner in which these certificates originate, but the result of the initial step is that individuals will gain control of an Enterprise Certificate attributable to a corporation, usually China/HK-based. Code services are then sold quietly on Chinese language marketplaces, resulting in sometimes 5 to 10 (or more) distinct apps being signed with the same Enterprise Certificate.” We found Sungate and Mohajer Certificates were farmed out for use by multiple apps in this way.

“In my experience, Enterprise Certificate signed apps available on independent websites have not been harmful to users in a malicious sense, only in the sense that they have broken the rules” Strafach notes. “Enterprise Certificate signed apps from these Chinese ‘helper’ tools, however, have been a mixed bag. Zoe example, in multiple cases, we have noticed such apps with additional tracking and adware code injected into the original now-repackaged app being offered.”

Porn apps like Swag openly advertise their availability on iOS

Interestingly, none of the off-limits apps we discovered asked users to install a VPN like Google Screenwise, let alone root network access like Facebook Research. TechCrunch reported this month that both apps had been paying users to snoop on their private data. But the iOS versions were banned by Apple after we exposed their policy violations, and Apple also caused chaos at Facebook and Google’s offices by temporarily shutting down their employee-only iOS apps too. The fact that these two US tech giants were more aggressive about collecting user data than shady Chinese porn and gambling apps is telling.“This is a cat-and-mouse game” Strafach concluded regarding Apple’s struggle to keep out these apps. But given the rampant abuse, it seems Apple could easily add stronger verification processes and more check-ups to the Enterprise Certificate program. Developers should have to do more to prove their apps’ connection with the Certificate holder, and Apple should regularly audit certificates to see what kind of apps they’re powering.

Back when Facebook missed Cambridge Analytica’s abuse of its app platform, Cook was asked what he’d do in Mark Zuckerberg’s shoes. “I wouldn’t be in this situation” Cook frankly replied. But if Apple can’t keep porn and casinos off iOS, perhaps Cook shouldn’t be lecturing anyone else.

Facebook pays teens to install VPN that spies on them

from Apple – TechCrunch https://tcrn.ch/2GF1QmM

Sub-brands are the new weapon in China’s smartphone war